The network keeps going up and down; can everyone check where my iptables rules are wrong?


Post by xiehuipiaofeng » 2009-08-29 22:41

The network keeps going up and down; can everyone check where my iptables rules are wrong? The internal network is on eth1, the external network on eth0.

iptables -F
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

iptables -t nat -A POSTROUTING -s 205.220.30.0/24 -o eth0 -j SNAT --to 77.151.196.84
iptables -t nat -A PREROUTING -s 205.220.30.0/24 -i eth1 -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state INVALID,NEW -j DROP
# NOTE: iptables stops at the first matching rule, so this INPUT DROP is
# evaluated before the later ACCEPT rules for SSH and ping on eth0; a NEW
# connection arriving on eth0 never reaches them.
iptables -A INPUT -i eth0 -m state --state INVALID,NEW -j DROP

# allow only selected ICMP types: echo reply (0), time exceeded (11) and
# rate-limited echo request (8)
iptables -A INPUT -i eth0 -p icmp --icmp-type 0 -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type 11 -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp --icmp-type 11 -j ACCEPT
#iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -j ACCEPT
#iptables -A OUTPUT -o eth0 -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT

# loopback: the interface is named lo (the post had "io", a typo that
# left localhost traffic falling through to the INPUT DROP policy)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# allow SSH access to this host (the OUTPUT --dport 22 rules match this host
# acting as an SSH client, not replies to inbound SSH; replies are already
# covered by the OUTPUT ACCEPT policy)
iptables -A INPUT -i eth1 -p tcp --dport 22 -s 205.220.30.0/24 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --dport 22 -d 205.220.30.0/24 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -j ACCEPT

iptables -A INPUT -i eth1 -p tcp --dport 80 -s 205.220.30.0/24 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp --dport 80 -s 205.220.30.0/24 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 443 -s 205.220.30.0/24 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp --dport 443 -s 205.220.30.0/24 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp --dport 2357 -s 205.220.30.0/24 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 2357 -s 205.220.30.0/24 -j ACCEPT
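As an added example (not part of the original post, and not iptables itself), here is a small Python model of first-match chain evaluation that reproduces two defects in the INPUT rules above: the early `-m state --state INVALID,NEW -j DROP` on eth0 is appended before the ACCEPT rules for SSH and echo-request, so those rules can never match a new connection, and the loopback rule names the interface `io` instead of `lo`, so localhost traffic falls through to the DROP policy. The model only understands the matchers the post uses (`-i`, `-p`, `--dport`, `--icmp-type`, `-m state`, `-s`); it ignores `-m limit`, the nat table and the FORWARD chain. The sample packets and the address 198.51.100.7 (a documentation address) are constructed for the demonstration; the reordered chain is one possible correction, not something from the post.

```python
"""First-match model of an iptables INPUT chain (added example, not iptables).
Models only: -i, -p, --dport, --icmp-type, -m state --state, -s CIDR."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple

LAN = "205.220.30.0/24"   # internal prefix from the post
INPUT_POLICY = "DROP"     # iptables -P INPUT DROP


@dataclass(frozen=True)
class Packet:
    iface_in: str
    proto: str = "tcp"               # tcp | udp | icmp
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[int] = None
    state: str = "NEW"               # conntrack state
    src: str = "0.0.0.0"


@dataclass(frozen=True)
class Rule:
    target: str                               # ACCEPT | DROP
    iface_in: Optional[str] = None            # -i
    proto: Optional[str] = None               # -p
    dport: Optional[int] = None               # --dport
    icmp_type: Optional[int] = None           # --icmp-type
    states: FrozenSet[str] = frozenset()      # -m state --state (empty = any)
    src: Optional[str] = None                 # -s CIDR

    def matches(self, p: Packet) -> bool:
        return (
            (self.iface_in is None or self.iface_in == p.iface_in)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
            and (self.icmp_type is None or self.icmp_type == p.icmp_type)
            and (not self.states or p.state in self.states)
            and (self.src is None or ip_address(p.src) in ip_network(self.src))
        )


def evaluate(chain: List[Rule], policy: str, pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; the chain policy applies only when nothing
    matched (index None), exactly as in a real iptables chain."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, i
    return policy, None


# Per-service ACCEPT rules from the post, identical in both orderings.
SERVICE_ACCEPTS = [
    Rule("ACCEPT", iface_in="eth0", proto="icmp", icmp_type=0),
    Rule("ACCEPT", iface_in="eth0", proto="icmp", icmp_type=11),
    Rule("ACCEPT", iface_in="eth0", proto="icmp", icmp_type=8),  # -m limit not modelled
    Rule("ACCEPT", iface_in="eth1", proto="tcp", dport=22, src=LAN),
    Rule("ACCEPT", iface_in="eth0", proto="tcp", dport=22),
    Rule("ACCEPT", iface_in="eth1", proto="tcp", dport=80, src=LAN),
    Rule("ACCEPT", iface_in="eth1", proto="tcp", dport=443, src=LAN),
    Rule("ACCEPT", iface_in="eth1", proto="tcp", dport=2357, src=LAN),
]

# INPUT chain in the order the post appends it.
ORIGINAL_INPUT = [
    Rule("ACCEPT", iface_in="eth0", states=frozenset({"ESTABLISHED", "RELATED"})),
    Rule("DROP", iface_in="eth0", states=frozenset({"INVALID", "NEW"})),  # shadows later ACCEPTs
    *SERVICE_ACCEPTS[:3],
    Rule("ACCEPT", iface_in="io"),                                        # typo for lo
    *SERVICE_ACCEPTS[3:],
]

# Same rules reordered (one possible fix): loopback first, drop only INVALID
# early, let the per-service ACCEPTs see NEW packets, policy DROP for the rest.
FIXED_INPUT = [
    Rule("ACCEPT", iface_in="lo"),
    Rule("ACCEPT", iface_in="eth0", states=frozenset({"ESTABLISHED", "RELATED"})),
    Rule("DROP", iface_in="eth0", states=frozenset({"INVALID"})),
    *SERVICE_ACCEPTS,
]

# Constructed sample packets (198.51.100.7 is a documentation address).
SAMPLES = {
    "ssh from internet":   Packet("eth0", "tcp", dport=22, state="NEW", src="198.51.100.7"),
    "ping from internet":  Packet("eth0", "icmp", icmp_type=8, state="NEW", src="198.51.100.7"),
    "reply to our client": Packet("eth0", "tcp", dport=40000, state="ESTABLISHED", src="198.51.100.7"),
    "local dns lookup":    Packet("lo", "udp", dport=53, state="NEW", src="127.0.0.1"),
    "ssh from lan":        Packet("eth1", "tcp", dport=22, state="NEW", src="205.220.30.5"),
}


def compare(pkt: Packet) -> Tuple[str, str]:
    """Verdict under the posted order versus the reordered chain."""
    return evaluate(ORIGINAL_INPUT, INPUT_POLICY, pkt)[0], evaluate(FIXED_INPUT, INPUT_POLICY, pkt)[0]


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        orig, fixed = compare(pkt)
        print(f"{name:22s} posted order: {orig:7s} reordered: {fixed}")
```

Running the script prints one line per sample packet; under the posted order the inbound SSH, the echo request and the loopback lookup are all dropped (the first two by the early NEW drop, the third by the chain policy), while established replies and LAN SSH are accepted either way. On the real box, `iptables -L INPUT -v -n --line-numbers` shows the same thing directly: the packet counters on the SSH and ICMP echo-request rules stay at zero while the NEW drop rule keeps counting.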